iscc2021线下比赛 & 第一场线下AWD & 杂
前言
这是第一场线下比赛,所以记录一下,它是个混合模式,应该是上午CTF,下午AWD,所以在后面记录一下CTF训练的记录!
2021.6.1萌新赛-re_signin
这个是真的套题!
有点绕!
先使用uncompyle6进行pyc反编译,在线反编译和Easy-python这个是无法进行完全的反编译的!必须使用uncompyle6
uncompyle6 -o . flag.pyc
# uncompyle6 version 3.7.4
# Python bytecode 3.8 (3413)
# Decompiled from: Python 3.7.9 (tags/v3.7.9:13c94747c7, Aug 17 2020, 18:01:55) [MSC v.1900 32 bit (Intel)]
# Embedded file name: /home/mumuzi/桌面/flag.py
# Compiled at: 2021-05-28 16:16:08
# Size of source mod 2**32: 528 bytes
flag = 'xxxx{xxxxxxxxxxxxxxxxxx}'
import random
c = [0] * len(flag)
for i in range(len(flag)):
c[i] = ord(flag[i])
else:
print(c)
t = 0
for i in range(2000):
num = range(0, 100)
nums = random.sample(num, 22)
numss = nums.copy()
for i in range(len(nums) - 1):
for j in range(len(nums) - i - 1):
if nums[j] > nums[(j + 1)]:
nums[j], nums[j + 1] = nums[(j + 1)], nums[j]
if count == c[t]:
print(numss)
t += 1
if t == 24:
break
这里还有一个数据,一共有24组数据,每组22个数!而flag应该也是24位!
import random
v1 = [73, 69, 60, 20, 64, 68, 99, 4, 36, 9, 91, 42, 75, 43, 8, 77, 55, 70, 84, 37, 3, 93]
v2 = [85, 46, 47, 99, 58, 35, 83, 3, 57, 18, 52, 17, 97, 16, 6, 51, 84, 62, 1, 41, 88, 87]
v3 = [97, 34, 31, 80, 19, 57, 10, 84, 4, 50, 43, 63, 65, 88, 30, 72, 21, 36, 27, 41, 86, 79]
v4 = [31, 23, 68, 67, 30, 47, 27, 40, 73, 63, 11, 89, 18, 5, 9, 74, 88, 38, 8, 20, 50, 83]
v5 = [88, 5, 85, 82, 36, 74, 6, 15, 40, 55, 95, 8, 84, 47, 96, 33, 25, 29, 77, 67, 26, 39]
v6 = [54, 53, 0, 37, 66, 91, 39, 38, 57, 6, 47, 28, 49, 92, 29, 85, 88, 84, 90, 13, 35, 52]
v7 = [80, 18, 26, 91, 10, 52, 11, 99, 85, 75, 60, 48, 36, 74, 55, 51, 86, 49, 89, 29, 82, 16]
v8 = [35, 70, 42, 44, 18, 65, 84, 71, 26, 14, 38, 28, 21, 86, 20, 54, 30, 11, 66, 10, 69, 77]
v9 = [71, 25, 43, 23, 29, 6, 33, 44, 5, 30, 32, 18, 47, 13, 76, 8, 83, 87, 57, 26, 16, 19]
v10 = [29, 51, 7, 62, 94, 32, 57, 1, 71, 84, 92, 16, 18, 19, 56, 52, 40, 80, 98, 44, 82, 33]
v11 = [67, 14, 93, 91, 78, 80, 7, 37, 10, 82, 38, 83, 23, 27, 17, 76, 74, 18, 66, 24, 99, 43]
v12 = [29, 56, 44, 54, 70, 31, 10, 38, 8, 85, 18, 22, 32, 49, 2, 21, 50, 5, 25, 48, 90, 84]
v13 = [23, 33, 90, 7, 42, 71, 25, 58, 5, 47, 54, 18, 97, 72, 2, 1, 68, 64, 76, 85, 69, 49]
v14 = [77, 67, 52, 31, 35, 6, 56, 94, 81, 23, 78, 50, 15, 10, 28, 69, 43, 91, 82, 72, 99, 38]
v15 = [20, 47, 52, 27, 73, 64, 9, 62, 3, 57, 2, 97, 44, 35, 89, 10, 18, 29, 58, 56, 74, 84]
v16 = [66, 11, 76, 91, 70, 9, 6, 75, 32, 71, 44, 48, 88, 20, 98, 97, 79, 63, 47, 78, 60, 81]
v17 = [43, 13, 70, 23, 31, 69, 52, 30, 2, 78, 0, 37, 73, 93, 18, 1, 51, 62, 25, 68, 65, 87]
v18 = [24, 86, 29, 0, 93, 51, 53, 47, 16, 40, 94, 98, 88, 64, 41, 83, 44, 35, 45, 75, 17, 46]
v19 = [33, 12, 63, 77, 25, 24, 47, 58, 6, 89, 97, 27, 21, 96, 92, 50, 82, 76, 5, 62, 56, 44]
v20 = [12, 36, 16, 44, 19, 62, 43, 80, 58, 98, 69, 97, 1, 7, 49, 26, 70, 34, 53, 13, 65, 48]
v21 = [51, 74, 76, 98, 33, 78, 44, 45, 4, 65, 99, 84, 80, 93, 37, 56, 77, 9, 6, 94, 52, 88]
v22 = [80, 38, 88, 66, 7, 40, 70, 24, 2, 12, 76, 18, 57, 73, 58, 83, 33, 17, 89, 69, 77, 67]
v23 = [18, 53, 14, 24, 94, 42, 61, 75, 62, 60, 73, 2, 65, 48, 80, 23, 44, 91, 7, 0, 31, 71]
v24 = [16, 54, 87, 75, 8, 23, 33, 56, 22, 63, 1, 2, 25, 6, 84, 80, 4, 49, 17, 42, 14, 43]
nums = v24.copy()
count = 0
for i in range(len(nums) - 1):
for j in range(len(nums) - i - 1):
if nums[j] > nums[(j + 1)]:
nums[j], nums[j + 1] = nums[(j + 1)], nums[j]
count += 1
'''
length = len(num) - 1
count = 0
i = length
while i >= 0:
j = length -i -1
while j >= 0:
if num[j] > num[j-1]:
num[j], num[j - 1] = num[(j - 1)], num[j]
count += 1
j -= 1
i -= 1
'''
#print(count)
print(chr(count))
#synt{jrypbzr_gb_arjfpgs}
flag = 'synt{jrypbzr_gb_arjfpgs}'
print(len(flag))
num = [0] * 22
j = 0
for i in range(len(flag)):
if i == 4 or i == len(flag) - 1:
continue
else:
num[j] = ord(flag[i])
print(num[j])
j += 1
length = len(num) - 1
count = 0
i = length
while i >= 0:
j = length -i -1
while j >= 0:
if num[j] > num[j-1]:
num[j], num[j - 1] = num[(j - 1)], num[j]
count += 1
j -= 1
i -= 1
for i in range(22):
print(chr(num[i]),end='')
这里解出来是synt{jrypbzr_gb_arjfpgs}
到这里还需要进行凯撒解密!(真套,套神精品)
flag{welcome_to_newsctf}
训练Ctf
re200
这道题学习到了一个新的知识点!修复PE头!
此时我们可以看看不修复PE头进入ida是什么情况!
所以此时我们来进行一波修复PE头!然后用winhex进行修复(或者010)
然后我们进行一波修复!此时就可以使用ida打开!
所以我们主要看看主体代码,也就是加密代码!
而且下面是比较清晰的看到9个数中间3个数定下了!
最后三个数是没有要求的!所以我们开始写出脚本,来看看符合要求的前三个数是什么?
for i in range(0x100000):
for j in range(0x100000):
k = (i ^ j) + 4
if (i * j * k / 11) == 106:
if ((i + j + k)%100) == 34:
print(''+i+','+j+','+k)
#应该就是这样写的了,可以弄出来前三位数字!
根据wp来说的话,它们是直接测试的,我这里是不能够测试的!而且这里是没有办法测试出数字的,这里不知道为什么不对!
正确的数字是15,6,13,但是这组数字是没有办法测试出来的!
flag{15613abc}
hackme
这个也是一道逆向题。直接ida64就可以打开!
一眼就可以找到主函数,逻辑比较简单!
这里不要使用python进行编程,会报错的,使用C语言进行编写!
#include<stdio.h>
int main()
{
int flag[30] = {0x5F, 0xF2, 0x5E, 0x8B, 0x4E, 0x0E, 0xA3, 0xAA, 0xC7, 0x93,
0x81, 0x3D, 0x5F, 0x74, 0xA3, 0x09, 0x91, 0x2B, 0x49, 0x28,
0x93, 0x67, 0x00, 0x00, 0x00, 0x08};
int i,v8,v9,v5;
for(i = 0;i < 22;i++){
v8 = 0;v9 = 0;
while (v8 < i+1){
v8++;
v9 = 1828812941 * v9 + 12345;
}
v5 = v9 ^ flag[i];
printf("%c",v5);
}
}
flag{d826e6926098ef46}
拿我旗帜没那么容易
这个是个apk逆向!太过于简单了!
然后直接就有了flag了!
flag = [75, 69, 89, 123, 97, 119, 52, 110, 110, 52, 95, 107, 52, 114, 95, 109, 120, 95, 100, 51, 120, 125]
for i in range(len(flag)):
print(chr(flag[i]),end='')
KEY{aw4nn4_k4r_mx_d3x}
你能找到key吗?
依旧是个安卓逆向!
此时我们分析一下该函数!其实也是比较简单的,就是下面一个加密啦!
f = [42,43,32,23,85,5,15,8,22,7,7,68,14,5,15,17]#array
f2 = [42,85,32,23,85,37,15,8,22,7,7,68,14,5,15,17]
q = 'anylab'#key
q2 = 'AnyLab'
#排列组合有4种flag
for i in range(len(f)):
for j in range(128):
if (f[i] & 255) == (j ^ ord(q[i % len(q)])) & 255:
print(chr(j),end='')
break
#1.KEY{4gnfokf&okv}
#2.K;Y{4Gnfokf&okv}
#3.kEY[4gNfoKf&Okv]
#4.k;Y[4GNfoKf&Okv]
这样子flag就得到了!
开始线下赛
上午是ctf解题模式,Reverse有点难,第一道题先upx脱壳,然后我开始静态调试,没有什么用找不到主函数,动态调试发现没有任何提示,F9三次就直接跳出来了,没有输入输出,这就有点硬考验汇编能力了。
第二题是个apk,和以前的安卓逆向有点不一样,更不找不到主函数,函数太多了,flag藏在哪里都不知道!
第三题还是有点思路,有个逻辑不知道,不过应该是涉及到了部分爆破。
第四题也是个apk逆向,这个是在so里面,ida看起来也是比较复杂的,而且时间只有2个小时,所以这道题没有怎么看!
AWD
pwn机器没怎么看,web机器上了个waf,没有人能打进来。失分主要是在pwn机器。直到比赛结束后才知道了个骚操作,把bin给删掉,没有了命令,这样它就拿不到key了。
web机器是有个后门,需要在Xshell里面使用ls -a才可以看到隐藏的后门,然后删掉就可以了,此时我们就可以利用后门去攻击其它队伍,到后面才写出来批量脚本,不过我们队伍的拿分速度是比不上其它队伍的。
最后拿了个二等奖,离一等奖差几支队伍。
发现主要是pwn我不太会!pwn不到别人!
